Why does it need to work for both pserver /and/ SSH? Having SSH working should circumvent almost any need for pserver. Noel -- Wolfgang Kormann <address@hidden> wrote: _______________________________
[...] The way CVS works, a user need read permission on a repository directory to read files in that directory (checkout, log, status, etc.) and write permission in a directory to write files in that
hello, how can I build a security concept for CVS on SuSe Linux... - I'd like define groups - and it should be possible to set r/w rights on directories for this groups for example: cvsroot productA
[ On Friday, January 25, 2002 at 11:30:27 (-0800), Paul Sander wrote: ] And there's where your fatal flaw lies. CVS cannot, by design *and* implementation, possibly securely implement any even reason
[ On Thursday, January 24, 2002 at 20:40:53 (-0500), Michal Wallace wrote: ] This has been discussed endlessly in this forum in the past.... :-) Ah, but is it protected from potential trojans -- i.e.
Kindly take my comments in context: Applications require a Unix user ID to run, especially if they write to the Unix filesystem. That's not the same thing as tracking their user bases. They can eith
[ On Friday, January 25, 2002 at 00:24:31 (-0800), Paul Sander wrote: ] Yes, they do, since in particular this one uses the Unix filesytem and has no other means of controlling who has access to what
Applications don't require Unix user IDs to track their own user bases. You don't need *Unix security* to have *good security*, even on a Unix system. But obviously if an application does away with
Hi Greg, You obviously have very strong feelings about this... Can you help me understand specifically what risks are involved? These are the precautions I'm taking: - The CVSROOT directory is read-o
Oh yeah, admin user cvs should be in all groups... cvs, public, company[abc] ur welcome. Sounds like a training issue. Also, easiest and most secure are generally mutually exclisive. :-) SSH is pret
Close, but I do not completely agree: - Admin group cvs-- nobody else, create an unpriviledged admin role user cvs - Set (almost, see next line) all files under $CVSROOT/CVSROOT to cvs:cvs - set $CVS
[ On Wednesday, January 23, 2002 at 22:56:35 (-0800), Paul Sander wrote: ] No, they throw away any and all possibility of accountability, especially with CVS. Period. -- Greg A. Woods +1 416 218-0098
When someone uses shared accounts, they throw away Unix security. Maybe that's your point, but on the other hand Unix security is not needed in many carefully controlled situations. For example, if
[ On Wednesday, January 23, 2002 at 20:02:55 (-0800), Paul Sander wrote: ] Because that's how Unix systems security works. -- Greg A. Woods +1 416 218-0098; <address@hidden>; <address@hidden>; <addre
Use SSH instead of pserver. __________________________________________________ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shoppin
What's the best way to disable the update.prog and checkin.prog functionality? Currently I have commented out 2 REQ lines in the source that seem to call this functionality. Is this the best way to d
If you use pserver and don't correctly protect the CVSROOT/passwd file, it's trivially easy. The bottom line is that there are lots of different kinds of security and you need to decide exactly what
Use the ":ext:" method with SSH. Not. None. Zero. Zip. That's less likely, but not the real point of CVS security. That's only a very tiny part of the picture.... Why bother? Give everyone real accou
When you say you "logged in" your CVSROOT/passwd, do you mean you are using CVS to manage it? If so, did you add it to the checkout list file as discussed in <http://www.cvshome.org/docs/manual/cvs_2